A few days back, I noticed that I was not able to use scrapsTimeOut, a website that I had worked on some time ago. You can send virtual gifts to friends by pasting a FLASH codelet as a scrap. The error said that the Captcha that I was entering was wrong; there was no information about blocked code. I was worried that Orkut was blocking Flash content from our site already!

Interestingly, a friend told me that it all worked great on IE, and that's when I decided to investigate. After spending time peering over the obfuscated code, I finally hit the line of code that seemed to be causing this error. Here is exactly what happens when a Captcha is required:

1. The user enters the FLASH code and submits the page.

2. Orkut responds with a captcha; on clicking submit, the "_submitCaptcha" JavaScript function is called.

3. In the JavaScript file, the function is reassigned to a function called tf_Z.

4. The function checks for an AJAX request object called tf_, and if it is not null, aborts it. This is basically required to abort any pending AJAX request.

5. It then constructs a new AJAX request and sends it to the server.

The abort method in step 4 effectively stops any previous AJAX requests. The callback also clears the captcha text box. Hence, in the case of Firefox, the abort method is called and the new AJAX request does not have the captcha text when it is sent to the server. In the case of IE, the callback is not activated, and hence it works fine.

To conclude, you cannot really paste the code by scrapsTimeout on Firefox; using IE till this bug is fixed is an option available.
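The ordering problem described above, replayed with a stand-in request object. This is an added example, not Orkut's code: FakeXhr, the page object and both submit functions are hypothetical, and the assumption that abort() fires the callback on Firefox but not on IE is taken from the description above.

```javascript
// Stand-in for XMLHttpRequest, constructed for this example.
// abortFiresCallback models the browser difference the post describes.
class FakeXhr {
  constructor(abortFiresCallback) {
    this.abortFiresCallback = abortFiresCallback;
    this.onreadystatechange = null;
    this.sentBody = null;
  }
  send(body) { this.sentBody = body; }
  abort() {
    if (this.abortFiresCallback && this.onreadystatechange) this.onreadystatechange();
  }
}

// Sends a request whose callback clears the captcha box, as on the page.
function startRequest(page, body) {
  const xhr = new FakeXhr(page.abortFiresCallback);
  xhr.onreadystatechange = () => { page.captchaBox.value = ''; };
  xhr.send(body);
  page.pending = xhr; // plays the role of tf_
  return xhr;
}

// Order from the post: abort the pending request, then read the box.
function submitCaptchaAsDescribed(page) {
  if (page.pending) page.pending.abort();
  return startRequest(page, 'captcha=' + page.captchaBox.value).sentBody;
}

// Corrected order: capture the answer and detach the handler before aborting.
function submitCaptchaCorrected(page) {
  const answer = page.captchaBox.value;
  if (page.pending) {
    page.pending.onreadystatechange = null;
    page.pending.abort();
  }
  return startRequest(page, 'captcha=' + answer).sentBody;
}

// Replays the flow: scrap submitted, captcha typed, captcha submitted.
function replay(submit, abortFiresCallback) {
  const page = { captchaBox: { value: '' }, pending: null, abortFiresCallback };
  startRequest(page, 'scrap=FLASH_CODELET'); // constructed placeholder body
  page.captchaBox.value = 'x7k2p';           // constructed captcha answer
  return submit(page);
}

console.log(replay(submitCaptchaAsDescribed, true));  // callback fires on abort
console.log(replay(submitCaptchaAsDescribed, false)); // callback does not fire
console.log(replay(submitCaptchaCorrected, true));    // corrected order
```

With the callback firing on abort, the first replay sends an empty captcha field, which is why the server reports a wrong captcha rather than blocked content.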

A few days ago, I received a classic fraud mail, pointing me to a phished site of AXIS bank. The email read something like:

Dear Valued Customer,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your Account billing information. This might be due to either of the following reasons:

1. A recent updates in our billing server ( Due to slightly problem )
2. A recent change in your personal information ( i.e. change of address).
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

UTI is now AXIS. If you are an account holder of UTI, please follow the link below and enter correctly the information required of you.

iConnect is best used with Microsoft Internet Explorer Version 4.0 ((c) Microsoft) and higher. If you are getting the a Security Alert Message please Click here.

Copyright(c) 2007 - Axis Bank. All rights reserved.

I got a little curious, and did a little analysis on the host that had the site running. Here are the findings. The Windows box was registered at goDaddy.com for

A quick port scan revealed that the machine was most probably hosted on a non-professional network, mostly a home computer with services like anonymous FTP, Windows RPC etc. running. It seems to be a part of a wider botnet, possibly controlled using analogx. There was also a SOCKS proxy running, which could be the nervous system communicating to this node.

Here is the output of nmapping the box.

Update: The phishing site has successfully been disabled. Interestingly, the domain name now points to 74.54.176.34 as opposed to 206.221.179.205 earlier. All the malicious services are also gone now, and the node is no longer a part of the botnet. Yet another phishing site taken down!! :)

Meebo has changed the function that logs in users. Here is the changed Greasemonkey script that puts this function in to let users log in automatically. The function is now called gFrontPage.loginUser(); the only change is to invoke that function after the time. You can find all my scripts related to Meebo here.

A few days ago, I had written about a reputation management service, and how it could be applied to blogspot. I was peering over OASIS when I came across a presentation on Open Reputation Management System (ORMS). The main charter of ORMS seems to be to prepare a framework so that reputation of users or devices and services can easily be shared across different websites. The proposal talked about using OpenID or SAML to enable reputation sharing.

The details of the OpenID reputation system talk about using OpenID as a means to share reputation. The proposal is not very detailed and talks about a URL that can be used to fetch the reputation of a certain user. I found some issues and thought of posting my ideas in this blog.

The URL returns REST data containing the reputation of a person. For privacy reasons, there could be restrictions on the people who can fetch the reputation of the subject entities. The Trusted Data exchange talks of an OpenID Provider using a reputation as a service, and hence, access management as to who sees the reputation can be implemented. Also, websites could return a JSON version of the REST response so that plugins can easily work with the reputation.

Secondly, I did not see any easy mechanism for a user to rate any person. If this was also a REST call, submission of reputations would be easier.

However, the most interesting thing that I would like to see in the proposal is the categorization and taxonomy of reputations. This is a problem many companies are trying to solve, and a standard around this would go a long way in interoperability. I am still waiting for someone to put up a reputation service so that I could trust the blogger reputation plugin that I wrote.

Saturday evening, and I was sure that the day was wasted. That's why Jyothi showed me a cool website. Called http://thatsmymouse.com/, this is a site that enables people to browse a site simultaneously. A small HTML code has to be embedded inside a website and co-browsing functionality comes right in.

I just wanted this to work even if a site does not have this embedded, and a bookmarklet is a simple way to do it. All that the bookmarklet does would be to append the code into the current page. I also converted it to a Greasemonkey script that people could use.

Just drag and drop this ThatsMyMouse bookmark to your bookmarks / favourites toolbar.

Alternatively, copy and paste this in the address bar when you are browsing a site to activate this functionality.

Watch this space for my investigations on the other great things that you can do with thatsmymouse.com !!